Guest labfuji Posted November 4, 2007 Posted November 4, 2007 +sorry just repost in the appropriate OS newsgroup Ran the Ad-Aware SE scan found and deleted it. So it says but when I rescan it, Win32 AdWare.Cinmus still show up (either in Normal ot Safe mode). Its location CLSID \{385ABBC-FB22-4D17-8834-064E2BA0A6F0} which when I go to the registry/location and expand there are 2 items + InprocServer32 - hightlight and right pan shows default REG_SZ C:\DOC & SettING\ALL USERS\APPLICATION DATA\MICROSOFT\PCTOOLS\PCTOOLS.DLL Threading Model REG_SZ Apartment +TypeLib and hightlight and right pan shows the default REG_SZ {385ABBC-FB22-4D17-8834-064E2BA0A6F0} can some advice what shall I do here? On item 1 do I hightlight the Threading Model on the right pan and delete this item or instead of 'Apartment' leave it blank o Many thanks for your education.
Guest Meinolf Weber Posted November 4, 2007 Posted November 4, 2007 Re: AfterAd-Aware SEremoval, still appears Hello labfuji, What posting are you talking about? Subject: Heur/Malware? Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm > +sorry just repost in the appropriate OS newsgroup > > Ran the Ad-Aware SE scan found and deleted it. So it says but when I > rescan it, Win32 AdWare.Cinmus still show up (either in Normal ot Safe > mode). Its location CLSID \{385ABBC-FB22-4D17-8834-064E2BA0A6F0} > > which when I go to the registry/location and expand there are 2 items > + InprocServer32 - hightlight and right pan shows default REG_SZ > C:\DOC & SettING\ALL USERS\APPLICATION > DATA\MICROSOFT\PCTOOLS\PCTOOLS.DLL Threading Model REG_SZ Apartment > > +TypeLib and hightlight and right pan shows the default REG_SZ > {385ABBC-FB22-4D17-8834-064E2BA0A6F0} > > can some advice what shall I do here? On item 1 do I hightlight the > Threading Model on the right pan and delete this item or instead of > 'Apartment' leave it blank o > > Many thanks for your education. >
Guest labfuji Posted November 4, 2007 Posted November 4, 2007 Re: AfterAd-Aware SEremoval, still appears In the broad sense, guess they are related as the pc is infected. On the second posting is really how can I remove the infection manually of the Ad-Aware SE scan result which shows "Win32 AdWare.Cinmus " Hope this clarify your point and thanks "Meinolf Weber" wrote: > Hello labfuji, > > What posting are you talking about? Subject: Heur/Malware? > > Best regards > > Meinolf Weber > Disclaimer: This posting is provided "AS IS" with no warranties, and confers > no rights. > ** Please do NOT email, only reply to Newsgroups > ** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm > > > +sorry just repost in the appropriate OS newsgroup > > > > Ran the Ad-Aware SE scan found and deleted it. So it says but when I > > rescan it, Win32 AdWare.Cinmus still show up (either in Normal ot Safe > > mode). Its location CLSID \{385ABBC-FB22-4D17-8834-064E2BA0A6F0} > > > > which when I go to the registry/location and expand there are 2 items > > + InprocServer32 - hightlight and right pan shows default REG_SZ > > C:\DOC & SettING\ALL USERS\APPLICATION > > DATA\MICROSOFT\PCTOOLS\PCTOOLS.DLL Threading Model REG_SZ Apartment > > > > +TypeLib and hightlight and right pan shows the default REG_SZ > > {385ABBC-FB22-4D17-8834-064E2BA0A6F0} > > > > can some advice what shall I do here? On item 1 do I hightlight the > > Threading Model on the right pan and delete this item or instead of > > 'Apartment' leave it blank o > > > > Many thanks for your education. > > > > >
Guest Frank Booth Snr Posted November 7, 2007 Posted November 7, 2007 Re: AfterAd-Aware SEremoval, still appears labfuji wrote: > +sorry just repost in the appropriate OS newsgroup > > Ran the Ad-Aware SE scan found and deleted it. So it says but when I rescan > it, Win32 AdWare.Cinmus still show up (either in Normal ot Safe mode). > Its location CLSID \{385ABBC-FB22-4D17-8834-064E2BA0A6F0} > > which when I go to the registry/location and expand there are 2 items > + InprocServer32 - hightlight and right pan shows > default REG_SZ C:\DOC & SettING\ALL USERS\APPLICATION > DATA\MICROSOFT\PCTOOLS\PCTOOLS.DLL > Threading Model REG_SZ Apartment > > +TypeLib and hightlight and right pan shows > the default REG_SZ {385ABBC-FB22-4D17-8834-064E2BA0A6F0} > > can some advice what shall I do here? On item 1 do I hightlight the > Threading Model on the right pan and delete this item or instead of > 'Apartment' leave it blank o > It sounds like it's part of a download from Microsoft. I suggest this is not a necessary part of Win2k, unless you intentionally downloaded some update from MS. First back up your registry. Open registry, starting at the top, go to edit/find then type in pc toools and delete every instance of it, but be careful not to delete anything else. I'd also delete the pctools folder and the files it contains from the C: drive. Reboot the PC and see what happens.
Recommended Posts